15 Replies Latest reply on Jul 24, 2017 10:27 AM by Dan Stevens.

    Using a sub-domain for SPF/DKIM/DMARC authentication - to tighten security

    Dan Stevens.

      We were recently notified by our security team that they are not allowing any email sent by third-party providers (like Marketo) to authenticate as our primary domain (avanade.com) - to mitigate against any spoofing, phishing attempts, Marketo getting hacked, etc.  Instead, we need create a subdomain - like "marketing.avanade.com" when configuring SPF/DKIM/DMARC.  This is also in alignment with our parent company, Accenture (and Microsoft).  I just wanted to get some thoughts from the experts in the community around this topic (e.g., Sanford Whiteman) before I give the go-ahead to proceed with this.  I guess what's most concerning is when we use tokens - like "sales owner email" to populate the FROM and REPLY-TO fields of an email.  We will constantly need to ask IT to map any new email addresses to one that has this new sub-domain.


      Interested to hear what others have to say about this - especially those that use this approach today.  Anything we need to be aware of, gotchas, etc.?